On 2021-11-18, Stefan Bodewig via Xmlunit-general wrote:

> On 2021-11-17, Amarendra Godbole via Xmlunit-general wrote:
> 
> > I wanted to highlight that the signature on xmlunit-1.3.jar is bad and
> > won't verify with the key. However, it verifies fine on the associated .pom
> > file.
> 
> Thank you.
> 
> I can confirm the signature is reported as bad. The non-crypto checksums
> seem to be fine, but that's no guarantee things haven't been tampered
> with.

[...]

> I'll ask Sonatype for advice.

The policy for Maven Central forbids replacing the jar - even if I could
create a new one - so the only advice is to tell people not to use
XMLUnit 1.3 and use a more recent version instead. Which is the best for
our users anyway as XMLUnit 1.x is not really supported anymore.

Stefan


_______________________________________________
Xmlunit-general mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xmlunit-general
